1
# frozen_string_literal: true
2

3
module WPScan
4
  module Finders
5
    module WpVersion
6
      # RSS Generator Version Finder
7
      class RSSGenerator < CMSScanner::Finders::Finder
8
        include Finder::WpVersion::SmartURLChecker
9

10
        def process_urls(urls, _opts = {})
11
          found = Findings.new
12

13
          urls.each do |url|
14
            res = Browser.get_and_follow_location(url)
15

16
            res.html.xpath('//comment()[contains(., "wordpress")] | //generator').each do |node|
17
              node_text = node.text.to_s.strip
18

19
              next unless node_text =~ %r{\Ahttps?://wordpress\.(?:[a-z]+)/\?v=(.*)\z}i ||
20
                          node_text =~ %r{\Agenerator="wordpress/([^"]+)"\z}i
21

22
              found << create_version(
23
                Regexp.last_match[1],
24
                found_by: found_by,
25
                entries: ["#{res.effective_url}, #{node.to_s.strip}"]
26
              )
27
            end
28
          end
29

30
          found
31
        end
32

33
        def passive_urls_xpath
34
          '//link[@rel="alternate" and @type="application/rss+xml"]/@href'
35
        end
36

37
        def aggressive_urls(_opts = {})
38
          %w[feed/ comments/feed/ feed/rss/ feed/rss2/].reduce([]) do |a, uri|
39
            a << target.url(uri)
40
          end
41
        end
42
      end
43
    end
44
  end
45
end
46

47